user/exiv2: CVE-2019-20421: infinite loop
| Bugzilla ID | 233 |
| Alias(es) | CVE-2019-20421 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 22:56:53 -0600 |
| Modified | 2020-03-09 21:55:19 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-20421 |
Description
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input
file can result in an infinite loop and hang, with high CPU
consumption. Remote attackers could leverage this vulnerability to
cause a denial of service via a crafted file.